Introduction to System Administration


Network Services
CSCI N321 – System and Network Administration
Copyright © 2000, 2007 by Scott Orr
and the Trustees of Indiana University
Section Overview
Client-Server Model
Network Ports, Services and Daemons
Network Protocols
Viewing Active Ports
Common Server Daemons
References
Linux System Administration
Chapter 18 (pgs. 305-332)
Optional: Chapters 20 & 21
CQU 85321 System Administration Course
Textbook: Chapter 16
Lectures: 2002 #16
TCP/IP Protocol Stack
Application (FTP, HTTP, DNS)
Transport Layer (TCP,UDP)
Network Layer (IP)
Link Layer (Device Drivers)
Physical Layer (media)
Client-Server Model
Client: Makes a request
Server: Listens for incoming requests
Request fulfilled
Network Ports
Enables processes to communicate with each other across a network
64K possible ports
Privileged ports
  < 1024 reserved for system use only
  Correspond to well-known services
  /etc/services
/etc/services
Service-name port/protocol aliases
Examples:
ssh      22/tcp
smtp     25/tcp    mail
www      80/tcp    http www-http
imaps    993/tcp
syslog   514/udp
Running Network Servers
Stand-alone Daemon
  Each started via rc script
  Always running
  Listens (binds) to the service port
  Uses resources even when idle
inetd “Super-daemon”
  Listens to many ports
  Starts daemon when request is received
  Daemon shuts down when finished
  /etc/inetd.conf
/etc/inetd.conf
service_name: Service name
sock_type:
  stream (tcp)
  dgram (udp)
  raw (direct IP)
proto: protocol used (/etc/protocols)
flags: wait, nowait
user: User to run daemon as
server_path: Full path to daemon program
args: Command line arguments to daemon
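Added example (not part of the original slides): a small Python audit that parses inetd.conf entries using the fields listed above, resolves each service name through /etc/services-style entries, and notes privileged ports and daemons run as root. The sample data is constructed; the daemon paths, the http and bogus entries, and the function names are assumptions for illustration.

```python
# Added example; all sample data is constructed and daemon paths are hypothetical.
SERVICES = """\
ssh      22/tcp
smtp     25/tcp    mail
www      80/tcp    http www-http
imaps    993/tcp
syslog   514/udp
"""
INETD_CONF = """\
# service_name sock_type proto flags user server_path args
imaps  stream tcp nowait root   /usr/local/sbin/imapd  imapd
http   stream tcp nowait nobody /usr/local/sbin/httpd  httpd -i
bogus  stream tcp nowait root   /usr/local/sbin/bogusd bogusd
"""

def parse_services(text):
    """Map (name or alias, protocol) -> port from /etc/services-style text."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank or comment-only line
        port, proto = fields[1].split("/")
        for name in [fields[0]] + fields[2:]:
            ports[(name, proto)] = int(port)
    return ports

def audit_inetd(conf_text, services_text):
    """Return one dict per inetd.conf entry with its port and audit notes."""
    ports = parse_services(services_text)
    report = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank, comment-only or malformed line
        name, sock_type, proto, flags, user, server = fields[:6]
        port = ports.get((name, proto))
        notes = []
        if port is None:
            notes.append("no /etc/services entry")
        elif port < 1024:
            notes.append("privileged port")
        if user == "root":
            notes.append("runs as root")
        report.append({"service": name, "port": port, "user": user,
                       "server": server, "args": fields[6:], "notes": notes})
    return report

if __name__ == "__main__":
    for entry in audit_inetd(INETD_CONF, SERVICES):
        print(entry["service"], entry["port"], entry["user"], entry["notes"])
```

The http entry resolves to port 80 through the alias column of the www line, and the bogus entry shows what a service name missing from /etc/services looks like in the report.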
Xinetd
Replacement for inetd
Enhancements
  Access Control
  Resource based limits
  Logging (Success and Failure)
Default: /etc/xinetd.conf
Service Specific: /etc/xinetd.d
/etc/xinetd.conf
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
includedir /etc/xinetd.d
Example xinetd service
/etc/xinetd.d/imaps:
service imaps
{
    disable      = no
    socket_type  = stream
    wait         = no
    user         = root
    server       = /usr/local/sbin/imapd
    groups       = yes
    flags        = REUSE IPv6
}
Windows Service Management
Microkernel – Everything a service
Administrative tools -> Services
Service Options
  Startup Type: Automatic, Manual, Disabled
  Log On: Which user to run service as
  Recovery: What to do on failure
  Dependencies: Which services does this one depend upon
Windows Service Recovery
Settings for:
  First Failure
  Second Failure
  Subsequent Failures
Counter Reset (Days)
Options:
  Take no Action
  Restart the Service
  Run a program
  Restart the Computer
Network Protocols
Service request/response syntax
Often uses English commands
Request For Comments (RFC)
  Documentation for protocols and practices
  Each revision its own number
  May have a second classification
    For Your Information (FYI)
    Best Common Practices (BCP)
    Standards (STD)
Viewing Active Ports
netstat -a – Ports in use
  Source/destination addresses and ports
  Protocol used
  State
    LISTEN
    ESTABLISHED
lsof -i :service – Process using port
tcpdump – View network traffic
Resource Sharing Daemons
Network File System (NFS)
  nfsd
  mountd
Line Printing Daemon (lpd)
Samba
  smbd – Microsoft file and print sharing
  nmbd – Microsoft name resolution
Internet Daemons
telnetd – Remote Access
ftpd – File transfer
Berkeley-R Daemons
sshd – Secure Shell
Electronic Mail
  sendmail/postfix – Receiving email
  imapd, popd – Remote email access
httpd – Web
Infrastructure Daemons
named – DNS
dhcpd – Dynamic Host Config Protocol
nisd/ldapd – Directory Services
fingerd – User information
xntpd – System time synchronization
routed/gated – Routing
Firewall